CVE-2024-4027

high Apache
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.6%
Exploitation probability in 30 days
Top 57% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: January 30, 2026 (161 days ago)
Last Modified: June 30, 2026
Vendor: Apache
Source: MITRE

Description

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.

CWE

CWE-20

Affected Products

Red Hat OpenShift ServerlessRed Hat Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Red Hat build of Apache Camel for Spring Boot 3Red Hat Red Hat build of Apache Camel for Spring Boot 4Red Hat Red Hat build of Apache Camel - HawtIO 4Red Hat Red Hat build of Apicurio Registry 2Red Hat Red Hat Build of KeycloakRed Hat Red Hat build of OptaPlanner 8Red Hat Red Hat build of QuarkusRed Hat Red Hat Data Grid 8

References